What Is PCI Compliance and Why Is It Important?


When it comes to credit card processing, security should be a top priority for all merchants. After all, a data breach can cost you and your business hundreds of thousands — if not millions — of dollars in financial losses, not to mention lost customers and damage to your reputation.

One of the best ways to protect yourself and your customers is to work with your merchant services provider to achieve and maintain PCI compliance.

PCI compliance refers to adherence to the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS), which began as five different programs run by the five major credit card brands. In 2004, they aligned their policies and PCI DSS was born. Its goal is to be an information security standard to help protect customer account data on a global basis.

Of course, in reality, no one is 100 percent safe from a data breach. But by following the PCI DSS procedures, you’ll be better prepared to secure your customers’ personal data, protect your business from financial losses and remediation costs, and preserve your valuable reputation.

The standards laid out in the PCI DSS cover security management, policies, procedures, network architecture, software design and other protective measures. They apply to all merchants that accept, transmit or store any cardholder data, regardless of size, wealth or number of transactions. They include:

Build and maintain a secure network

  • Install and maintain a firewall configuration to protect data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.

Protect cardholder data

  • Protect stored data.
  • Encrypt transmission of cardholders’ sensitive data across public networks.

Maintain a vulnerability management program

  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.

Implement strong access control measures

  • Restrict access to data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.

Regularly monitor and test networks

  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.

Maintain an information security policy

To ensure that all credit card information is maintained in a secure environment, consult with your merchant services provider, who is also required to be PCI compliant.

PCI compliance may have additional costs associated with it, but the consequences of not abiding by the guidelines are even greater — potentially great enough to destroy your business, should a breach occur. Think of PCI compliance as an investment in your business and your future.


Bio: Beth Longware Duff is a professional editor and award-winning writer whose work on a wide variety of topics has been published in print and electronic media. She currently writes on a wide range of topics dealing with electronic payment processing for Merchant Express.


2 Responses to What Is PCI Compliance and Why Is It Important?

  1. This is extremely important for anybody that has a business, whether it is a brick and mortar or an internet business. I happen to have both and have been in contact with my processor to make sure we are compliant. The consequences for not being compliant are great.